Η Google released it Chrome 91.0.4472.114 for Windows, Mac and Linux for correction four vulnerabilities, one of which is a serious one zero-day vulnerability, which has already begun to be used in attacks.
This version was released yesterday, June 17, 2021, on the Stable desktop channel and will be available to all users in the coming days.
The Chrome browser will probably be upgraded automatically, but you can also do a manual update by going to Settings> Help> About Google Chrome.
Chrome browser: New zero-day vulnerability
"Google knows there is an exploit for vulnerabilities CVE-2021-30554", The company states in communication her.
Exploiting this vulnerability could lead to Execute code on computers that are running updates for Google Chrome browser.
Although Google says it is aware that the CVE-2021-30554 vulnerability has been used, it has not provided any information about these attacks.
"Access to bug details and links may remain restricted until most users are informed"The company said.
Google has fixed three more "use after free" bugs found on Chrome Sharing, WebAudio and TabGroups components (CVE-2021-30555, CVE-2021-30556, and CVE-2021-30557).
The seventh Chrome zero-vulnerability corrected by Google this year
Yesterday's update released by Google fixes the seventh Chrome zero-day vulnerability for this year. The other six are:
- CVE-2021-21148 - 4 February 2021
- CVE-2021-21166 - March 2, 2021
- CVE-2021-21193 - March 12, 2021
- CVE-2021-21220 - April 13, 2021
- CVE-2021-21224 - April 20, 2021
- CVE-2021-30551 - 9 June 2021
In the meantime, the Kaspersky reported that a hacking group known as Puzzlemaker combines zero-day Chrome bugs with other vulnerabilities to get out of the browser sandbox and install malware on systems Windows.
Η Project Zero, Google's zero-day debugger team also unveiled a major campaign in which hackers used 11 zero-days to attack Windows, iOS and Android users.
Source: Bleeping Computer